Security firm Symantec is reporting that hackers, likely working for the Chinese government, commandeered tools used against China by the U.S. National Security Agency (NSA) — and then used the cyberweapons to attack American allies.
“This is the first time we’ve seen a case — that people have long referenced in theory — of a group recovering unknown vulnerabilities and exploits used against them, and then using these exploits to attack others,” Eric Chien, a Symantec security director, told The New York Times.
According to Symantec’s report, which was published on Monday, the Buckeye group — a team of hackers the U.S. government believes works for the Chinese Ministry of State Security — started using modified versions of two NSA tools as far back as March 2016 to carry out cyberattacks on Belgium, Luxembourg, Vietnam, the Philippines, and Hong Kong.
The New York Times has reported that the specific targets included “scientific research organizations, educational institutions, and the computer networks of at least one American government ally.”
Sly Spy Fail
Though Symantec’s team couldn’t say for sure, they suspect the Buckeye group got ahold of the code for the cyberweapons after noticing the NSA using the tools against China.
As Orla Cox, Symantec’s director of security response, told Forbes, “Anyone — from individuals, organizations, or nation-states — offensively using tools such as backdoors, vulnerabilities, or exploits should consider there is no guarantee your tools won’t be leaked and used against you.”
READ MORE: How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks [The New York Times]
More on cyberattacks: The US Finally Has a Defense Agency Devoted to Cybersecurity